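/**
 * Load the token model and validate it against the current OAuth request type.
 *
 * - REQUEST_INITIATE: no token is looked up; only the callback URL parameter is validated.
 * - REQUEST_TOKEN:    the token must exist, carry the verifier supplied by the client,
 *                     belong to the current consumer and still be a request token.
 * - REQUEST_AUTHORIZE: the token must exist and must not have been authorized already.
 * - REQUEST_RESOURCE: the token must exist, be an access token, not be revoked and
 *                     belong to the current consumer.
 *
 * NOTE(review): nothing in this method persists the token; any "save" happens elsewhere.
 *
 * @return Mage_Oauth_Model_Server
 * @throws Mage_Oauth_Exception
 */
protected function _initToken()
{
    $this->_token = Mage::getModel('oauth/token');

    if (self::REQUEST_INITIATE == $this->_requestType) {
        // The initiate step issues a new request token, so there is nothing to load yet.
        $this->_validateCallbackUrlParam();

        return $this;
    }

    $this->_validateTokenParam();

    $this->_token->load($this->_protocolParams['oauth_token'], 'token');

    if (!$this->_token->getId()) {
        $this->_throwException('', self::ERR_TOKEN_REJECTED);
    }

    if (self::REQUEST_TOKEN == $this->_requestType) {
        $this->_validateVerifierParam();

        // The verifier is a secret, so it is compared as an exact string in constant time.
        // A loose `!=` would compare numeric-looking strings by value (e.g. "0e1" == "0e2")
        // and would let a NULL stored verifier match an empty supplied one.
        // hash_equals() requires PHP 5.6 or later.
        $storedVerifier   = (string) $this->_token->getVerifier();
        $suppliedVerifier = $this->_protocolParams['oauth_verifier'];

        if ('' === $storedVerifier
            || !is_string($suppliedVerifier)
            || !hash_equals($storedVerifier, $suppliedVerifier)
        ) {
            $this->_throwException('', self::ERR_VERIFIER_INVALID);
        }
        // A token issued to one consumer must not be redeemable by another.
        if ($this->_token->getConsumerId() != $this->_consumer->getId()) {
            $this->_throwException('', self::ERR_TOKEN_REJECTED);
        }
        // Only a request token can be exchanged; any other type is reported as already used.
        if (Mage_Oauth_Model_Token::TYPE_REQUEST != $this->_token->getType()) {
            $this->_throwException('', self::ERR_TOKEN_USED);
        }
    } elseif (self::REQUEST_AUTHORIZE == $this->_requestType) {
        // A request token may be authorized only once.
        if ($this->_token->getAuthorized()) {
            $this->_throwException('', self::ERR_TOKEN_USED);
        }
    } elseif (self::REQUEST_RESOURCE == $this->_requestType) {
        if (Mage_Oauth_Model_Token::TYPE_ACCESS != $this->_token->getType()) {
            $this->_throwException('', self::ERR_TOKEN_REJECTED);
        }
        if ($this->_token->getRevoked()) {
            $this->_throwException('', self::ERR_TOKEN_REVOKED);
        }
        if ($this->_token->getConsumerId() != $this->_consumer->getId()) {
            $this->_throwException('', self::ERR_TOKEN_REJECTED);
        }
        // TODO: Implement check for expiration (after it is implemented in the token model).
        // Until then this branch never rejects an access token for age; the revoked flag
        // is the only invalidation it checks.
    }

    return $this;
}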